>Number: 43357
>Category: misc
>Synopsis: initial security run output is too large
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: misc-bug-people
>State: open
>Class: change-request
>Submitter-Id: net
>Arrival-Date: Tue May 25 23:05:00 +0000 2010
>Originator: David A. Holland
>Release: NetBSD 5.1_RC2
>Organization:
>Environment:
System: NetBSD amberdon 5.1_RC2 NetBSD 5.1_RC2 (GENERIC) #0: Fri May 21
00:29:51 UTC 2010
builds%b7.netbsd.org@localhost:/home/builds/ab/netbsd-5-1-RC2/amd64/201005210534Z-obj/home/builds/ab/netbds-5-1-RC2/src/sys/arch/amd64/compile/GENERIC
amd64
Architecture: amd64
Machine: x86_64
>Description:
The initial security run output after installing a new machine is some
32,000 lines. Nobody will ever page through this, so if bad stuff gets
in on the first day it will never be detected.
About 80% of this is the first diff, against /dev/null, of ~every file
in /etc; most of the rest is "Device additions" for every device in /dev.
>How-To-Repeat:
Install. Actually read root's mail.
>Fix:
sysinst should preload /var/backups; moreover, it should do it with
the original distribution versions of things, so the user's config
changes *are* reflected in the first nightly security mail and so the
distribution versions are available for reference. This would have a
number of additional benefits beyond reducing the mail size.